The Capital Interview: General William Lord on Cyberspace and the Future of Warfare

Share

The U.S. Air Force is standing up a dedicated command to defend the military's cyberspace -- that is, its digital, computerized infrastructure. Maj. Gen. William T. Lord, commander of the Air Force Cyberspace Command, says as the nature of warfare changes, the ability of the U.S. military to detect and defend must change with it. That's no easy task. "In this business, there are lots of peers because the price of admission is relatively low," Lord says. "Nation-states that don't have huge armed forces all of [a] sudden can begin to take nefarious activities on other nation-states [that] they wouldn't have thought of engaging if you think about traditional modern warfare." As enemies turn to cyberspace to wage and win battle, Lord adds, the Pentagon, too, is making cyber warfare an inseparable part of its war fighting strategy.

The focus on offensive and defensive cyber capabilities is of increasing importance for military and civilian communities. If you could, start out by talking about the Air Force's Cyber Command structure, the mission of cyber command, and where we are today in terms of its capabilities.

Right now we're in the nascent phase. We have a hundred and sixty folks who are assigned across about four different bases who are doing this work for me. As a provisional command, I have no forces. I'm not authorized to have any forces. So until this capability goes initial operational capability on the first of October, this really is a virtual command. On the first of October, we will stand up a wing in the electronic warfare business; one in the information operations business; one that already exists in the network warfare business; and the traditional communications electronics wing. As we break this war into establishing the domain, using the domain, and operating in the domain, those will be the forces that we'll have assigned. Today we are looking at as I said about five hundred folks in the headquarters, and that will be a virtual headquarters initially spread around about a dozen different bases. And eventually with the combination of those subordinate units that I just described and the headquarters, about eight thousand people total.

And you're currently at Barksdale Air Force Base inLouisiana, is that correct?

That's correct, at Barksdale Air Force Base, the provisional location and the interim location until the Pentagon sorts out exactly what the final location will be. And that's projected to be announced for the site surveys of the finalists, if you will, at the end of this year, for final announcement sometimes next year.

Could you talk a little bit about your current operational focus, the offensive versus defensive capabilities? Is the Air Force Cyber Command strictly limited to protecting the domain that the Air Force operates in, or are you bleeding out to assist other services or the civilian side?

Right now, [we're] strictly focused on defense of the Air Force domain, strictly focused on defense of the Air Force only. I think that as the command goes to full operational capabilities, they'll begin to roll in the Air Force offensive capabilities again as we present to a combatant commander depending on what they need and what they want. So we have to develop not only the defenses but develop techniques, tactics, procedures, tools to do the offensive piece. But right now [we're] focused on defense.

What types of threats are you working to defend against?

It's everything from [legitimate attacks to something that} looks like an attack, which turns out to be really just somebody putting a new device on a network. So the work now it's trying to define, being able to define, or be able to separate, the good from the bad, from nefarious, from the criminal, to just dumb insider activity. We had system administrators making a mistake in the network and that's just as dangerous as an enemy. We shut ourselves down more than anybody else shuts it down.

Have we been attacked?

Depends on what you call an attack. We certainly have had penetrations and we've been attacked by ourselves, if you will. If you define an attack as something that degrades your ability, yes we've been attacked. Sometimes we're attacked by ourselves from our own acts of omission versus commission.

Turning as much as you can to the other side of the equation, the offensive side of the Air Force's capabilities, how good are we? What can we do, what can't we do, and are we the best out there?

Well, in this business, there are lots of peers because the price of admission is relatively low. With some technologically smart kids you can do a lot of damage. And the difference is this technology only requires you to have a connection and a laptop computer. So as the nature of warfare changes and the price of admission to the fight goes way down, you can have lots more players.

When the price of admission was you had to have an armored/mech division, a flight of F22s, an armada of ships, it was very, very expensive, and most people didn't play. So the danger is with this kind of warfare, you can get a lot of folks playing who didn't play before. So nation-states that don't have huge armed forces all of [a] sudden can begin to take nefarious activities on other nation-states that they wouldn't have thought of engaging if you think about traditional modern warfare. So I think that will change the state of play. I don't think it will change in five or maybe even in ten years, but maybe in twenty or twenty five years.

One of the things that I've heard critics talk about is the secretive nature of how operations are conducted, capabilities of theU.S.military and civilian communities. Is there a reluctance to talk publicly about these cyber-abilities, or is it something less sinister?

I would argue that it is less sinister. We don't want to talk about it because it's a capability that you don't want an enemy to know how capable you really are. So it's operational security, if you will. That's why you don't hear us talk about it very much.

We've heard in the western media stories of the Chinese reading the U.S. Secretary of Defense's email. We've read about what others doing to us, but not very often about what we're doing to them. Is this by design, or should one assume we're not doing anything?

By design.

One-word answer?

Two-word answer.

Where are we in terms of financial support inWashingtonfor cyber command initiatives?

That's a good question. One of the things I'm required to do, is to develop a program objective memorandum, which is our version of long-term budget [needs]. We're doing that and working it through the Air Force corporate structure right now. And while not approved yet, it looks like that'll be about 5 billion dollars per year [for five years]. Not new money, this is existing programs that we are sweeping into one pile that we can now put concentrated force and mass on, to better integrate those cyber efforts. We've been doing cyber business for a long time, but we're not getting all our eggs in one basket so that we can properly focus resources on that problem.

That's not new money but is that an increase in previous funding level?

No, it is existing programs that are doing cyber today, but they're spread out all over the U.S. Air Force. What we're doing is consolidating those.

Finally, why is the Air Force such a good place in the military structure for cyber defenses? Is the air force best suited?

I didn't say we're best suited as opposed to any other service. I think that within the air force we're so heavily dependent on this cyber domain, that we need to take more actions than we have taken in the past to protect it so that we can use it, we the air force can use it when we need to.

Independent Task Force Reports

Rates of heart disease, cancer, diabetes, and other noncommunicable diseases (NCDs) in low- and middle-income countries are increasing faster than in wealthier countries. The Independent Task Force outlines a plan for collective action on this growing epidemic.

New Council Special Reports

Campbell evaluates the implications of the Boko Haram insurgency and recommends that the United States support Nigerian efforts to address the drivers of Boko Haram, such as poverty and corruption, and to foster stronger ties with Nigerian civil society.

Koblentz argues that the United States should work with other nuclear-armed states to manage threats to nuclear stability in the near term and establish processes for multilateral arms control efforts over the longer term.

The authors argue that it is essential to begin working now to expand and establish rules and norms governing armed drones, thereby creating standards of behavior that other countries will be more likely to follow.

2014 Annual Report

Learn more about CFR’s mission and its work over the past year in the 2014 Annual Report. The Annual Report spotlights new initiatives, high-profile events, and authoritative scholarship from CFR experts, and includes a message from CFR President Richard N. Haass.Read and download »

Now Available: Foreign Policy Begins at Home

The biggest threat to America's security and prosperity comes not from abroad but from within, writes CFR President Richard N. Haass in his provocative new book. More